DEV Community: Vítor de Santana Oliveira Norberto The latest articles on DEV Community by Vítor de Santana Oliveira Norberto (@norbertoooo). https://dev.to/norbertoooo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F383138%2F8f8b5975-f927-4c09-b35d-e118eb5f7d64.jpeg DEV Community: Vítor de Santana Oliveira Norberto https://dev.to/norbertoooo en Gerando certificado SSL com certbot na Oracle Cloud Infrastructure Vítor de Santana Oliveira Norberto Sat, 21 Oct 2023 12:03:39 +0000 https://dev.to/norbertoooo/gerando-certificado-ssl-com-certbot-na-oracle-cloud-infrastructure-3ocl https://dev.to/norbertoooo/gerando-certificado-ssl-com-certbot-na-oracle-cloud-infrastructure-3ocl <p>Necessário antes de seguir esse passo a passo:</p> <ol> <li>Ter uma instância na oci</li> <li>Possuir um domínio</li> </ol> <p><strong>Acesse sua instância via ssh com o comando:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-i</span> <span class="o">{</span>caminho da sua chave<span class="o">}</span> <span class="o">{</span>usuário da sua instância<span class="o">}</span>@<span class="o">{</span>ip público da instância<span class="o">}</span> </code></pre> </div> <p>ex: <code>ssh -i C:\Users\user\Documents\Cloud\oci\ssh-key.key opc@168.000.000.00</code></p> <p><strong>Instalar o certbot</strong></p> <ul> <li>instalar snap </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>dnf <span class="nb">install </span>https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm <span class="nb">sudo </span>yum update <span class="nt">-y</span> <span class="nb">sudo </span>yum <span class="nb">install </span>snapd <span class="nt">-y</span> <span class="nb">sudo </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> snapd.socket <span class="nb">sudo ln</span> <span class="nt">-s</span> /var/lib/snapd/snap /snap </code></pre> </div> <ul> <li>instalar certbot </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>yum remove certbot <span class="nb">sudo </span>snap <span class="nb">install</span> <span class="nt">--classic</span> certbot </code></pre> </div> <p><strong>Liberar porta 80 e 433 para tráfego no console da oci</strong></p> <p>caminho: - Computação -&gt; Instâncias -&gt; Detalhes da instância</p> <ul> <li>Na tela de detalhe da sua instância, acesse a sub-net <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HO544Tlt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lv7em74wzckb25aqohys.png" alt="página de Detalhes da instância" width="800" height="395"> </li> <li>acesse a lista de segurança e adicione o tráfego para porta 80(http) e 443 (https)</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--nDoSHJSE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0wxzfjbh1u2ot9oyx24y.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--nDoSHJSE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0wxzfjbh1u2ot9oyx24y.png" alt="regras de entrada" width="800" height="65"></a></p> <p><strong>Liberar firewall para porta 80</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl status firewalld <span class="nb">sudo </span>systemctl start firewalld <span class="nb">sudo </span>firewall-cmd <span class="nt">--permanent</span> <span class="nt">--add-service</span><span class="o">=</span>http <span class="nb">sudo </span>firewall-cmd <span class="nt">--reload</span> </code></pre> </div> <p><strong>Gerar certificado</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>cerbot certonly <span class="nt">--standalone</span> </code></pre> </div> <p>Os certificados serão gerados no caminho /etc/letsencrypt/live/{nome do seu domínio} porém estarão com permissões apenas para o user root, para poder visualizar terá que alterar as permissões para o user default do oracle-linux que é opc.</p> <h5> Fontes </h5> <p><a href="https://docs.oracle.com/pt-br/iaas/Content/GSG/Tasks/testingconnection.htm#Connecting_to_Your_Instance">conectar a instância com ssh</a><br> <a href="https://certbot.eff.org/instructions?ws=webproduct&amp;os=centosrhel7">instalar certbot</a><br> <a href="https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-16-04">gerando certificado com letsencrypt</a></p> cloud oci security ptbr